Thread: Certificate viewer/manager - Where to find it ?
View Single Post
  #4  
Old August 9th 14, 11:05 AM posted to microsoft.public.win98.gen_discussion
JJ[_2_]
external usenet poster
  
Posts: 36
Default Certificate viewer/manager - Where to find it ?
On Fri, 8 Aug 2014 11:14:34 +0200, R.Wieser wrote:
Hell JJ,

Did your MSC file association broke?

As far as I can tell I never had such a file association. Is it maybe part
of an add-on installation (from the Win98se CD) ?

Try this command line:

mmc c:\windows\system\certmgr.msc

Yes, while googeling I found that reference too. Alas, MMC.EXE is not found
on my machine (remember: Win98se). I did find an MMC.DLL though. Any
relation ?

Oops, I forgot that it's part of Windows 98 Resource Kit. In the CD, the MMC
setup package can be found at:

X:\tools\reskit\setup\mmc\mmc.exe

As for the other question, do I still need those CA and Root certificates on
a Win98se machine, any idea ? Could they (still) be harmfull to my machine
(automatically trusted and al that).

Root certificates are needed for verifying certificate of secured/HTTPS
sites, and digital signature in EXE/DLL/SYS/etc. files. Of course, that's if
the program use Windows own certificate database. Some open-source programs
use their own certificate database.

The only (potentionally) harmful certificates are those that are not yet
expired but have been revoked by Microsoft. Expired certificates are
considered invalid and will no longer usable, so no need to worry. Any
certificate verifier would present a prompt, or fail the verification if it
encounter an expired certificate. Any non-expired lower level certificates
will also be invalid if the upper level certificates are invalid.

I don't know if this is possible in Windows 9x, but you may want to try
manually extracting the Certificate Revocation List Hotfix to get the *.SST
files and importing them into the certificate database - even though the
hotfix program may not be made for Windows 9x. The latest Hotfix (July 2014)
can be found he

http://www.microsoft.com/en-us/download/details.aspx?id=43672

That hotfix is for Windows Server 2003. If it refuses to run under Windows
9x, extract the content using 7-Zip, WinRAR, or any archive manager that
support extracting a self-extracting CAB file. Once you extract the files,
import the "disallowedcert.sst" file from the certificate manager.

Additionally, download the latest revocation list from the Windows Update
server: (warning: long URL)

http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab

This list is the most up to date, but doesn't include the older revoked
certificates included in the hotfix mentioned above.

For completeness, also download the latest root certificate list hotfix from
the Windows Update server:

http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/rootsupd.exe

Extract it manually like mentioned above if it refuses to run under Windows
9x.

Then finally, get the most up to date root certificate list:

http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab

Same as "disallowedcertstl.cab". It won't contain older certificates.